Cybersecurity & Tech Content I Discovered in 2020

I wrote this tweet about my favourite cybersecurity and tech content I discovered in 2020. I’ve added a bit more content since I’m not limited by the Twitter character limit. These are in no particular order.

PortSwigger Web Security Academy

• Website: https://portswigger.net/web-security
• Twitter: @WebSecAcademy

I only tried this the other day but I’m absolutely blown away with the quality of this. They break down concepts through write-ups, video, and vulnerable labs in and easy to understand way. It’s heavily underrated and I think everyone should start with it if they’re looking to move towards web application hacking.

PentesterLab

• Website: https://pentesterlab.com/
• Twitter: @PentesterLab
• Medium: PentesterLab

Although I’m no stranger and a big advocate for the platform I really dove in and did the Essentials badge recently. Some absolutely fantastic examples of labs and quality writeups.

DarknetDiaries

• Website: https://darknetdiaries.com/
• Twitter: @DarknetDiaries/@JackRhysider

I’m no stranger to this podcast but Jack’s consistent quality of research, interviews and curation of guests is absolutely incredible. From topics like whistleblowing, social engineering, and famous hacks it’s absolutely worth checking out.

InsiderPhD (Katie Paxton-Fear)

• Website: https://insiderphd.dev/
• Twitter: https://twitter.com/InsiderPhD
• YouTube: https://www.youtube.com/user/RapidBug
• GitHub: https://github.com/InsiderPhD

Katie is fantastic at breaking down concepts at a deep level in an easy to digest manner. She focuses on bug bounties and tutorials. I really enjoyed her Burp Suite content as well as API hacking content.

Codingo (Michael Skelton)

• Website: https://codingo.io/
• Twitter: https://twitter.com/codingo_
• YouTube: https://www.youtube.com/channel/UCUfO02gdMDXgOJWdv_jiLMg
• GitHub: https://github.com/codingo

Michael otherwise known as Codingo broke into content creation this year and is absolutely crushing it! He’s well known for his incredible tools and provides deep dive explanations into tools like Ffuf with plenty more to come.

hakluke (Luke Stephens)

• Website: https://hakluke.com/
• Twitter: https://twitter.com/hakluke
• YouTube: https://www.youtube.com/c/hakluke
• GitHub: https://github.com/hakluke
• Medium: Luke Stephens (@hakluke)

Luke broke into content creation this year (on YouTube). He provides some fantastic life advice in the cybersecurity/bug bounty space and has some great interviews on his YouTube channel. You may also recognise him as the author of hakrawler.

Shubs (infosec_au)

• Website: https://assetnote.io/
• Twitter: https://twitter.com/infosec_au
• YouTube: https://www.youtube.com/channel/UCZitj8Ue3lkHwOzDceBVqXA
• GitHub: https://github.com/infosec-au

A well known and loved personality in the cybersecurity space. Shubs is the mastermind behind Assetnote. He broke into content creation (YouTube) this year and also released some killer wordlists. By the looks of it there will be more great content next year.

Farah Hawaa

• Twitter: https://twitter.com/Farah_Hawaa
• YouTube: https://www.youtube.com/c/FarahHawa
• GitHub: https://github.com/farah-hawa

Farah broke into content creation this year (YouTube), she provides a great perspective on bug bounties from a triager perspective. She also posts some quality tutorials on topics like JWT tokens, and web cache poisoning.

Bugcrowd

• Website: https://www.bugcrowd.com/
• Twitter: https://twitter.com/Bugcrowd
• YouTube: https://www.youtube.com/c/Bugcrowd/
• GitHub: https://github.com/bugcrowd

I really dove into the blog, Bugcrowd university and paid more attention to the twitter account this year. There was a great thread by @hakluke about XSS impact the other day.

STÖK

• Website: https://www.stokfredrik.com/
• Twitter: https://twitter.com/stokfredrik
• YouTube: https://www.youtube.com/stokfredrik
• GitHub: https://github.com/stokfredrik

One of the most cheerful people on the internet constantly sending out good vibes. Although I knew of his work prior to this year I never really dug into it until recently going through the YouTube archives finding some quality content in them. STÖK also hosts Bounty Thursdays which is a great way to keep up with the industry.

NahamSec

• Website: https://nahamsec.com/
• Twitter: https://twitter.com/NahamSec
• YouTube: https://www.youtube.com/c/nahamsec
• GitHub: http://github.com/nahamsec
• Twitch: https://www.twitch.tv/nahamsec

Like STÖK I was aware of the quality content Ben produces and shares. I recently dove into some of his past work and gained a lot of value from them. NahamCon2020 was a fantastic way to upskill and the guests he interviews on stream are nothing short of amazing.

JHaddix (Jason Haddix)

• Twitter: https://twitter.com/Jhaddix
• YouTube: https://www.youtube.com/jhaddix
• GitHub: https://github.com/jhaddix
• Twitch: https://www.twitch.tv/js0n_x

Through several avenues I’ve learnt an insane amount. Shoutout specifically to the Bug Hunter Methodology and endless contributions he provides to the community.

Fireship

• Website https://fireship.io/
• Twitter: https://twitter.com/fireship_dev
• YouTube: https://www.youtube.com/channel/UCsBjURrPoezykLs9EqgamOA
• GitHub: https://github.com/fireship-io

Although not specifically cybersecurity Fireship really helped me gain the perspective of developers and broke down concepts and languages in a fast, easy and understandable way.

TechnoTim

• Website: https://www.technotim.live/
• Twitter: https://twitter.com/technotimlive
• YouTube: http://www.youtube.com/c/TechnoTimLive
• GitHub: https://github.com/techno-tim/
• Twitch: https://www.twitch.tv/technotim

Provides insane quality tutorials on homelab content like Docker, Kubernetes, and recently Ansible. He really encouraged me to play with my ESXi machine and improve my home tech life.

Black Hills Information Security

• Website: https://www.blackhillsinfosec.com/
• Twitter: https://twitter.com/BHinfoSecurity
• YouTube: https://www.youtube.com/c/BlackHillsInformationSecurity
• GitHub: https://github.com/blackhillsinfosec/

Although I’m no stranger to Black Hills, they share quality content regularly. A big favourite of mine this year was watching how BB King gets the most out of Burp Suite.

thehackerish

• Website: https://thehackerish.com/
• Twitter: https://twitter.com/thehackerish
• YouTube: https://www.youtube.com/channel/UCIXot2vRgeM5alhAlpTbhQA
• GitHub: https://github.com/thehackerish

Posts quality bug bounty and burp content. They dive deeply into things like Burp Suite plugins and different types of vulnerabilities in greater detail.

Sean Metcalf/Trimarc Security

• Website: https://www.trimarcsecurity.com/
• Twitter (Sean): https://twitter.com/PyroTek3
• Twitter (Trimarc Security): https://twitter.com/TrimarcSecurity
• YouTube: https://www.youtube.com/channel/UCOYG875ADpcMozVhdEQ-Gwg
• GitHub: https://github.com/PyroTek3

Began webcasts throughout this year. Although I’m no stranger to their content including adsecurity.org the webcasts really went next level on Active Directory security and Azure Active Directory security.

Microsoft Security Community

• YouTube: https://www.youtube.com/channel/UCGTUbqE3SJiLgtvWjIkSQuQ

Microsoft needs no introduction. The Microsoft Security community channel provides a deep level of knowledge around everything Azure.

Intune Training

• YouTube: https://www.youtube.com/channel/UCfmMlhX5TW8cicxHw6ExYVA
• Twitter: https://www.twitter.com/IntuneTraining

The Intune Training channel really filled in the gaps with Azure/Intune knowledge where the Microsoft Docs did not.